‘No Script’ addon on the tor browser is set as trusted globally and if i try to change the default setting after restarting the tor browser they are reverted to their previous state. Anyone else having this issue? I am using whonix xfce 14.0.1.3.8.
suppose to be fixed by now. (if thats what you mean)
Yes, it still won’t save settings.
Hi Simon707
This is by design. For persistent NoScirpt settings you must toggle extensions.torbutton.noscript_persist
to true in about:config ? This will negatively effect your Tor Browser fingerprint. i.e. usability vs. anonymity trade off
https://whonix.org/wiki/Tor_Browser#NoScript_Custom_Setting_Persistence
Keep in mind, if you move the TB security slider all persistent settings will be lost.
So, if i don’t want to leave fingerprint i have to manually block scripts per site?
its the opposite , noscript actually blocking everything and its memory only per Tor Browser session. so using standard and safest security modes of your TBB will block all scripts (specially safest mode).
The issue many users have of persistent whitelisting a website.
These are my default settings. It doesn’t block anything by default. I have to uncheck all default settings on tor browser startup because ‘no script’ doesn’t save settings.
Correct. This is by design.
https://whonix.org/wiki/Tor_Browser#Security_vs_Usability_Trade-off
So there is no confusion:
- NoScript should not block scripts by default.
- To set persistent NoScript setttings (i.e. block scripts) one must follow:
Note: The Tor Browser security slider (top left hand corner of your screen) can be set to safest on every Tor Browser restart. See above Security vs. Usability Trade-off
Related:
Possible this bug might have cause some confusion? Now fixed.
i just recently dealt with this question in the latest version of my guide. while it may seem an annoyance, you can go into the noscript settings of your default security choice and simply uncheck the boxes each time you start a tor browser session. then, temporary allow sites at will.
for general web browsing, simply setting security slider to highest will work. if you wamt to use something like twitter, method above without moving security slider works fine, without allowing all javascript by default.